Recently, Google detected a phishing campaign which tricked users into granting access to their address book. Fortunately, Google was able to halt the campaign quickly after detecting it.
Here’s how the campaign worked: Users received an email invitation to a Google Doc with a link to a legitimate Google login page. This page contained a link to “continue to Google Docs.” By clicking on this link, the user granted access to their email password and address book.
Although Google has halted this particular campaign, users should continue to be on the alert for suspicious emails. Here’s how you can protect yourself within the Google environment:
Source: Protecting you against phishing
How to protect yourself when using your QC email:
- Beware of emails that appear to be from known contacts but have a vague subject line. Spelling errors and poor grammar might also be a giveaway that the email is not from a trusted source.
- Report suspicious emails to the OIT Help Desk (firstname.lastname@example.org).